[Figure, caption not recovered: block diagram of CLIENT systems, each with INPUT, DISPLAY, MEDIUM, DRIVE, STO, CPU and ESS blocks, and a SERVER with CPU, STO, DRIVE and MEDIUM blocks.]

[FIG. 2: diagram labelled MEDIUM, TOKEN USER PRIVATE KEY, PIN, SECURE TRANSFER PUBLIC KEY, TOKEN USER PUBLIC KEY.]

[FIG. 3 (sheet 2/7): flowchart. Box labels as extracted: START; GENERATE HARDWARE KEY PAIR; STORE IN ESS; GENERATE PLATFORM KEY PAIR; ENCRYPT PLATFORM PRIVATE KEY WITH HARDWARE PUBLIC KEY; STORE PLATFORM KEY PAIR HAVING PRIVATE KEY ENCRYPTED WITH HARDWARE PUBLIC KEY; STORE SECURE TRANSFER KEY PAIR HAVING PRIVATE KEY ENCRYPTED WITH PLATFORM PUBLIC KEY; END; COMMUNICATIONS NETWORK; TRANSMIT PLATFORM PUBLIC KEY; TRANSMIT SECURE TRANSFER KEY PAIR HAVING PRIVATE KEY ENCRYPTED WITH PLATFORM PUBLIC KEY; SERVER; READ SECURE TRANSFER KEY PAIR; ENCRYPT SECURE TRANSFER PRIVATE KEY WITH PLATFORM PUBLIC KEY.]

[FIG. 4 (sheet 3/7): flowchart. Box labels as extracted: START; ASK FOR PIN; READ PIN; READ TOKEN USER KEY PAIR; READ SECURE TRANSFER PUBLIC KEY; ENCRYPT TOKEN USER PRIVATE KEY AND PIN WITH SECURE TRANSFER PUBLIC KEY; WRITE TOKEN USER KEY PAIR AND PIN, HAVING PRIVATE KEY AND PIN ENCRYPTED WITH SECURE TRANSFER PUBLIC KEY, TO MEDIA; END.]

[FIG. 5 (sheet 4/7): flowchart. Box labels as extracted: START; READ TOKEN USER KEY PAIR AND PIN, HAVING PRIVATE KEY AND PIN ENCRYPTED WITH SECURE TRANSFER PUBLIC KEY, FROM MEDIA; LOAD PLATFORM PRIVATE KEY ENCRYPTED WITH HARDWARE PUBLIC KEY INTO ESS; DECRYPT PLATFORM PRIVATE KEY WITH HARDWARE PRIVATE KEY IN ESS; LOAD SECURE TRANSFER PUBLIC KEY ENCRYPTED WITH PLATFORM PUBLIC KEY IN ESS; DECRYPT TOKEN USER PRIVATE KEY AND PIN WITH SECURE TRANSFER PRIVATE KEY; DECRYPT TOKEN USER PRIVATE KEY AND PIN WITH SECURE TRANSFER PRIVATE KEY IN ESS; ASK FOR PIN; PINS MATCH (decision); MAX TRIES (decision); INDICATE REJECTION; PERFORM OPERATIONS ENABLED BY USE OF TOKEN; CONTINUE; END.]

[FIG. 6 (sheet 5/7): flowchart. Box labels as extracted: START; GENERATE PLATFORM KEY PAIR; STORE PLATFORM KEY PAIR HAVING PRIVATE KEY ENCRYPTED WITH HARDWARE PUBLIC KEY; END; STORE SECURE TRANSFER KEY PAIR HAVING PRIVATE KEY ENCRYPTED WITH PLATFORM PUBLIC KEY; COMMUNICATIONS NETWORK; SERVER.]

[FIG. 9 (sheet 5/7): flowchart. Box labels as extracted: DATA TRANSFER; WRITE PLATFORM PUBLIC KEY ON MEDIUM AT CLIENT SYSTEM; READ DATA; TRANSPORT MEDIUM TO SERVER; TRANSPORT MEDIUM TO CLIENT SYSTEM; READ DATA; WRITE SECURE TRANSFER KEY PAIR HAVING PRIVATE KEY ENCRYPTED WITH PLATFORM PUBLIC KEY ON MEDIUM AT SERVER.]

[FIG. 7 (sheet 6/7): flowchart. Box labels as extracted: START; READ TOKEN USER KEY PAIR AND PIN, HAVING PRIVATE KEY AND PIN ENCRYPTED WITH SECURE TRANSFER PUBLIC KEY, FROM MEDIA; READ SECURE TRANSFER PRIVATE KEY ENCRYPTED WITH PLATFORM PUBLIC KEY; DECRYPT SECURE TRANSFER PRIVATE KEY WITH PLATFORM PRIVATE KEY; DECRYPT TOKEN USER PRIVATE KEY AND PIN WITH SECURE TRANSFER PRIVATE KEY; ASK FOR PIN; PINS MATCH (decision); INDICATE REJECTION; PERFORM OPERATIONS ENABLED BY USE OF TOKEN; END.]

[FIG. 8 (sheet 7/7): block diagram of CLIENT systems, each with INPUT, DISPLAY, MEDIUM, DRIVE, STO, CPU and ESS blocks.]
